Lucene search
+L

93 matches found

Cvelist
Cvelist
added 2023/11/22 3:33 p.m.50 views

CVE-2023-6009 UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

8.8CVSS8.8AI score0.00923EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.11 views

PT-2023-32472 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 5.1.4 Description: The issue allows authenticated attackers with minimal permissions to modify their user role by exploiting insufficient restrictions on the userpro update user...

8.8CVSS8.9AI score0.00923EPSS
Exploits2References7
NVD
NVD
added 2023/09/13 3:15 a.m.27 views

CVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

8.8CVSS8.6AI score0.00688EPSS
Exploits0References3
Prion
Prion
added 2023/08/31 6:15 a.m.18 views

Authorization

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'saveusersmapname' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modif...

6.5CVSS8.6AI score0.00689EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/08/31 5:33 a.m.39 views

CVE-2023-3636 WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'saveusersmapname' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modif...

8.8CVSS8.8AI score0.00689EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/08/12 7:42 a.m.6 views

CVE-2023-4293 Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmppupdateprofile' function. This makes it possible for authenticated attackers, with minimal...

8.8CVSS6.9AI score0.00794EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/08/09 2:4 a.m.9 views

CVE-2023-4239 Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'remsaveprofilefront' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

8.8CVSS6.9AI score0.00622EPSS
Exploits1References2
OSV
OSV
added 2023/08/04 3:15 a.m.9 views

CVE-2023-4140

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...

8.8CVSS5.8AI score0.00612EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/08/04 2:4 a.m.10 views

CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...

6.6CVSS7.2AI score0.00612EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/04 2:4 a.m.28 views

CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...

6.6CVSS8.8AI score0.00612EPSS
Exploits0References3
Prion
Prion
added 2023/06/06 10:15 a.m.19 views

Authorization

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...

6.5CVSS8.5AI score0.1748EPSS
Exploits4References5Affected Software1
Cvelist
Cvelist
added 2023/06/06 9:33 a.m.64 views

CVE-2023-2833 ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...

8.8CVSS8.8AI score0.1748EPSS
Exploits4References5
Vulnrichment
Vulnrichment
added 2023/04/12 1:30 p.m.10 views

CVE-2023-1874 WP Data Access <= 5.3.7 - Authenticated (Subscriber+) Privilege Escalation

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...

7.5CVSS7.2AI score0.02726EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2023/04/05 6:0 p.m.12 views

CVE-2022-4939 WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS7.2AI score0.02099EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.4 views

SUSE CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7.1AI score0.04124EPSS
Exploits2References5
OSV
OSV
added 2022/10/17 4:15 p.m.6 views

CVE-2019-14841

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console...

8.8CVSS5.8AI score0.00617EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/14 3:45 a.m.19 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

6.5AI score0.00555EPSS
Exploits0References1
CVE
CVE
added 2022/10/14 3:45 a.m.75 views

CVE-2022-36803

The CVE-2022-36803 vulnerability affects Atlassian Jira Align Server prior to version 10.109.2, due to improper access control in the MasterUserEdit API. An authenticated attacker with the People role can use MasterUserEdit to elevate any user’s role to Super Admin. The issue is explicitly tied t...

8.8CVSS8.4AI score0.00555EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/26 12:0 a.m.11 views

PT-2022-6074 · Atlassian · Jira Align Server

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align Server versions prior to 10.109.2 Description: The issue is related to the MasterUserEdit API in Atlassian Jira Align Server, which allows an authenticated attacker with the People role permission to modify any user's rol...

9CVSS6.8AI score0.00555EPSS
Exploits0References7
CNVD
CNVD
added 2021/09/28 12:0 a.m.63 views

WordPress plugin uListing cross-site request forgery vulnerability

The WordPress plugin uListing is a directory and listing plugin based on Vue.js. The WordPress plugin uListing 2.0.5 and earlier versions are vulnerable to cross-site request forgery. An attacker could exploit the vulnerability to modify user roles...

6.5CVSS3.7AI score0.00428EPSS
Exploits1References1
Rows per page
Query Builder